We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Describe the bug There is a global-buffer-overflow bug found in compilePassOpcode, can be triggered via lou_checktable+ ASan
To Reproduce Steps to reproduce the behavior:
export CC=clang && export CFLAGS="-fsanitize=address -g" ./autogen.sh && ./configure --disable-shared --disable-local-libopts && make clean && make -j8 ./tools/lou_checktable POC
Output:
==17764==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000102f062 at pc 0x00000051d4ce bp 0x7ffdfad96390 sp 0x7ffdfad96388 WRITE of size 2 at 0x00000102f062 thread T0 #0 0x51d4cd in compilePassOpcode /benchmark/vulnerable/liblouis/liblouis/compileTranslationTable.c:1896:31 #1 0x50f7bf in compileRule /benchmark/vulnerable/liblouis/liblouis/compileTranslationTable.c:3947:11 #2 0x4ff42b in compileFile /benchmark/vulnerable/liblouis/liblouis/compileTranslationTable.c:4660:9 #3 0x4fbbe9 in compileTable /benchmark/vulnerable/liblouis/liblouis/compileTranslationTable.c:4767:9 #4 0x4f9bdf in getTable /benchmark/vulnerable/liblouis/liblouis/compileTranslationTable.c:4939:7 #5 0x4f9061 in _lou_getTable /benchmark/vulnerable/liblouis/liblouis/compileTranslationTable.c:4848:2 #6 0x4fb51f in lou_getTable /benchmark/vulnerable/liblouis/liblouis/compileTranslationTable.c:4860:2 #7 0x4f4109 in main /benchmark/vulnerable/liblouis/tools/lou_checktable.c:114:16 #8 0x7f6ff64f0bf6 in __libc_start_main /build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:310 #9 0x41b699 in _start (/benchmark/vulnerable/liblouis/tools/lou_checktable+0x41b699) 0x00000102f062 is located 0 bytes to the right of global variable 'passRuleDots' defined in 'compileTranslationTable.c:1850:21' (0x102e060) of size 4098 SUMMARY: AddressSanitizer: global-buffer-overflow /benchmark/vulnerable/liblouis/liblouis/compileTranslationTable.c:1896:31 in compilePassOpcode Shadow bytes around the buggy address: 0x0000801fddb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000801fddc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000801fddd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000801fdde0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0000801fddf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0000801fde00: 00 00 00 00 00 00 00 00 00 00 00 00[02]f9 f9 f9 0x0000801fde10: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 0x0000801fde20: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 0x0000801fde30: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 0x0000801fde40: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 0x0000801fde50: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==17764==ABORTING
System
OS: Ubuntu OS version : can be reproduced in 18.04/20.04 clang version: 12.0.1 (release/12.x) liblouis Version : latest commit 4d73c81
Credit Han Zheng NCNIPC of China Hexhive
POC POC.zip
The text was updated successfully, but these errors were encountered:
CVE-2022-26981 appears to be associated with this issue.
Sorry, something went wrong.
https://www.cve.org/CVERecord?id=CVE-2022-26981
Fixed by #1185
egli
Successfully merging a pull request may close this issue.
Describe the bug
There is a global-buffer-overflow bug found in compilePassOpcode, can be triggered via lou_checktable+ ASan
To Reproduce
Steps to reproduce the behavior:
Output:
System
OS: Ubuntu
OS version : can be reproduced in 18.04/20.04
clang version: 12.0.1 (release/12.x)
liblouis Version : latest commit 4d73c81
Credit
Han Zheng
NCNIPC of China
Hexhive
POC
POC.zip
The text was updated successfully, but these errors were encountered: